On Fri, 12 Nov 2004 14:32:29 -0800 "Bill Landry" <[EMAIL PROTECTED]> wrote:
> ----- Original Message ----- > From: "Chris Edwards" <[EMAIL PROTECTED]> > > > On Fri, 12 Nov 2004, Dennis Davis wrote: > > > > | Sophos appear to have just issued an IDE file for this: > > | > > | http://www.sophos.com/virusinfo/analyses/w32bofrag.html > > > > But I'm skeptical that's going to recognise the emails generated > > by the thing. Ours doesn't seen to anyway :-( I suspect this > > IDE will only have an effect on a compromised windows box. > [...] > > I suspect other ports are in use too, but haven't noticed. The > > next version will no doubt randomize the port. Dodgy emails > > will simply say:"check this >URL<" at which point email content > > scanners have next to nothing to go on. > > Some virus scanners now check http links, as well. Sometimes a > switch needs to be set to enable this. For example, newer > versions of ClamAV support the following switch: > > --mail-follow-urls Download and scan URLs > > Bill > Quoted from man clamd.conf MailFollowURLs If an email contains URLs ClamAV can download and scan them. WARNING: This option may open your system to a DoS attack. Never use it on loaded servers. Default: disabled -- Raquel ============================================================ A man cannot be comfortable without his own approval. --Mark Twain
